CVE-2013-4458
Published: Dec 12, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- [libc-alpha] 20131022 [PATCH][BZ #16072] Fix stack overflow due to large AF_INET6 requests (mailing-list, x_refsource_MLIST)
- SUSE-SU-2016:0470 (vendor-advisory, x_refsource_SUSE)
- MDVSA-2013:284 (vendor-advisory, x_refsource_MANDRIVA)
- GLSA-201503-04 (vendor-advisory, x_refsource_GENTOO)
- MDVSA-2013:283 (vendor-advisory, x_refsource_MANDRIVA)
- https://sourceware.org/bugzilla/show_bug.cgi?id=16072 (x_refsource_CONFIRM)